This was certainly the last thing we expected to see today. [ShaunF] has created a Greasemonkey script to bypass the captcha on filehosting site Megaupload. It uses a neural network in JavaScript to do all of the OCR work. It will auto submit and start downloading too. It’s quite a clever hack and is certainly helped by the simple 3 character captcha the site employs. Attempting to do the same thing with ReCAPTCHA has proven much more difficult.
UPDATE: [John Resig] explained of how it works.
[via Waxy]
The funny thing is the ReCaptcha is actually piggy backing difficult OCR of old texts while also doing a human test. So, if Recaptcha is ever “broken”, they would be solving a significant machine learning problem that would help libraries and text archives world wide.
jDownloader has this function as well along with other features
hosts*
it is somewhat simpler to use less restrictive uploading sites. I never was as big of a fan of MegaUpload as, say, WillHostForFood.
@johnny ReCaptcha shows you a word it knows and a word it doesn’t, so they’d only need to solve the known word. Zero gain for ReCaptcha.
They’ll just have to start using the Voight-Kampff test.
It’s a OCR neural network captcha decoder…in Javascript…at 486 lines of code. My.mind.is.blown.
I’m just now getting dialog boxes and stuff to draw out in JS and this guy’s building an effing Skynet with it in less lines of js then you see in your average cheesy AJAX page.
Megaupload’s captcha wasn’t particularly mind blowing in terms of character obscurity in the first place. A normalised cross correlation filter could do the job just as easy.
I have to say, ShaunF’s little neural network code is pretty cool. However, I can see a couple of problems with the neural network approach.
Neural networks need a training data set (eg. the Megaupload’s captcha images) in order to pre-calculate the weights required for image recognition.
Its classification reliability will be heavily dependent on the choice of training data. Basically there is a danger of over training, or the neural net becoming too specialised for a particular training data set. In such cases, it would be easy to defeat the neural network by simply changing the CAPTCHA images in a significant way. Realistically speaking, it doesn’t take much effort to change a CAPTCHA font – for example.
Also, neural networks trained with a much broader data set will have more false positives and false negatives during recognition. Very fiddly.
Anyone hoping to break Recaptcha in a similar way will have to wait for a few more decades, I’m afraid.
It uses a neural network, huh? That’s some impressive stuff
Hi,
I was trying to bypass the 40 seconds in megaupload.
Apparently it’s a var who contains the seconds left and change name at each page loading. (looks like x2850, x45698, x76954, …) so I made a greasemonkey script to automaticly find this var name, wich it does but I can’t change his value …
$bad_english = true;
Chuck, that timer is just a client side refresh. The real timer is server side, and can’t be changed.
ha ok … too bad …
but anyway why can’t I access to his value ?
alert(” end => “+end+”\r\n this[end] => “+this[end]);
this returns
end => x5258
this[end] => undefined
And also I red the sources of the captcha thing … it’s mad !
And THX
Using javascript? Try this.end
returns the same.
but might be because greasemonkey is executed somehow somewhere else than the var I’m tryin to change.
Anyway thx ! And too bad for the server countdown !
Someone knows if this is bypassable ? Like an algo from page id to file id or something like on youtube&co
@chuck: It sure is. Just sign up for a premium account. ;)
@eliot True, but words which were unknowns to OCR are then later used as known samples once enough users identify the same unknown word. Hence, their method is still fairly secure.
http://www.megaupload.com/?d=105FDGDT
small easy exe hack to update your info, to seem as if you are a premium account user. New, beta, version 1.5
you know they changed how the captchas are now since this came out :P
I am not much of megaupload fan, and it seems to me that at rapidshare in general and at one of its search engines ( http://rapidqueen.com )in particular there are no such bugs.
Now you can earn money for rapidshare.
Just sign up at below link.Its quick and easy money.Directly transferable to your paypal and alertpay account.
creating account on paypal is possible without a credit card.
just skip credit card process.
All you need is a email id.
click below:
$6.00 Welcome Survey After Free Registration!
or past in browser
http://www.AWSurveys.com/HomeMain.cfm?RefID=Dexobox
(please do not remove my reffrel id)
pls help me i have to get at least 75 ppl to sign up.So even if you dont want to earn just sign in.
It uses a neural network, huh? That’s some impressive stuff [2]. It’ make me remember the jokes in images about “how will be the new rapidshare captcha”.
here is the daily hack of rapidshare:
http://rapidbaz.com/from/37332
Megaupload just that enrages! Better all still use rapidshare …
Finally, a blogger who writes good information on a noteworthy topic, I look foward to your future updates. Going to subscribe to your RSS feed so I will be up to date. : ) Good luck & take care!!
useful tool, thanks for putting it up ;)